The coronavirus (COVID-19) pandemic has exposed the fragility of traditional telephony infrastructure. Government and healthcare organizations utilizing limited PSTN-based fax numbers and legacy systems simply cannot handle the increased number of documents being transmitted each day. Busy signals, failed transmissions, and unsecure networks are delaying workflows and preventing critical documents including medical records, test results, and unemployment benefits from being processed fast and effectively.
Recently, a state unemployment department’s online system was overwhelmed when more than 72,000 people applied for unemployment insurance in one week. The department’s fax lines were constantly busy, making it difficult for thousands of people to submit unemployment claims.
To streamline workflows and eliminate busy signals, the department transitioned its outdated fax systems to a hybrid-cloud fax network with built-in redundancy. As a result, the department was able to keep pace with the high volume of faxes, eliminate busy signals and ensure the flow of business-critical correspondence.
Given the myriad of cases and tests related to the coronavirus, hospitals were also overloaded with the high-volume of protected health information (PHI) being transmitted. Moreover, hackers exploited weaknesses in medical devices, creating more chaos to an already frenetic situation.
According to Forescout, 53% of common medical devices still operate on traditional, legacy platforms, leaving hospitals wide open to cyberattacks due to insufficient access controls.
As a data protection standards and development certification organization, HITRUST helps organizations safeguard sensitive data and manage IT risk across all industries and throughout the third-party supply chain. Since it was founded in 2007, the HITRUST Common Security Framework (CSF) has become the gold standard for compliance framework in the healthcare industry as it addresses the requirements of existing standards and regulations including HIPAA, PCI, COBIT, NIST, ISO, FTC, and state laws.
To become HITRUST certified, an organization must first complete a HITRUST CSF Readiness assessment to determine if the current alignment of its security and privacy controls relates to the requirements defined in the HITRUST CSF. The organization can then select a certified HITRUST CSF Assessor Firm that will perform several risk assessments, audits, and quality assurance procedures over the course of two to four months.
The HITRUST CSF has 19 different domains including healthcare data protection and privacy, endpoint protection, mobile device security, incident management, and disaster recovery. An organization will be scored on these assessments and must meet a minimum compliance level to become HITRUST certified.
Research has shown 97 percent of organizations that pursue a HITRUST Certified Security Framework certification rapidly improve their information security posture to meet certification and, most importantly, maintain their security posture. Furthermore, with a mature information protection program in place, organizations are less likely to suffer a breach and are more likely to be able to contain and minimize the impact of a breach, should one occur.
Organizations that implement a robust information security continuous monitoring (ISCM) program such as HITRUST to continually assess the state of their information security controls not only achieve higher levels of maturity, but also make better and more timely decisions.
Today, the average cost of a healthcare data breach is $429 per record. When organizations factor in the loss of productivity, the amount of civil complaints and fines levied, plus the public relations besmirching, the cost implications skyrocket. In 2018, the Department of Health and Human Services Office of Civil Rights concluded a record year in HIPAA enforcement activity – 10 settlement cases and one judgment totaled a whopping $28.7 million.
Though every industry is susceptible to cyberattacks, healthcare has experienced the largest growth in attacks over the years because patient records, insurance information, and social security numbers are more valuable on the dark web. Unfortunately, legacy systems may to be blame for the uptick in cyberattacks. Forescout researchers determined 53% of common medical devices are still operating on traditional, legacy platforms.
Legacy systems, insufficient access controls, and the proliferation of medical IoT devices have created security vulnerabilities that leave hospitals wide open to cyberattacks. Research from Vectra found that the majority of legacy systems are unsecured because healthcare organizations simply can’t afford the amount of downtime that patching requires.
To guarantee that unstructured data is transmitted securely, healthcare organizations must extend their analog fax machines to a hybrid-cloud network that is HIPAA complaint and provides end-to-end encryption, two-factor authentication, and direct faxing capabilities.
By leveraging the cloud and delivering all faxes via HTTPS, outdated fax boards, media gateways, and the complex telephony stack are eliminated. Unlike a legacy analog fax infrastructure, hybrid cloud technology can ensure that time-sensitive protected health information (PHI) are delivered within seconds with high-resolution, near-diagnostic image quality, and the highest levels of encryption. The accessibility of fax, coupled with the scalability of the cloud, ensures the exchange of PHI among the healthcare ecosystem is protected. This allows patients to receive high-quality care without compromising their personal information.
Healthcare organizations know just how important it is to comply with the HIPAA Privacy Rule to protect sensitive and unstructured data such as patient records, scripts, discharge summaries, medical forms, authorizations, prescriptions, and insurance claims. However, in the event of an emergency, HIPAA compliance is usually the last thing on people’s minds. As a result, hospitals are often granted a HIPAA waiver of up to 72 hours from the time they first implement their disaster protocol. Unfortunately, without a HIPAA waiver, hospitals may face substantial liabilities and penalties for non-compliance.
Even worse, if a hospital’s network is affected by a natural disaster, cyberattack, or system outage, doctors may not be able to access medical records and patients will not receive the proper care. With any type of downtime, some disruption within a hospital is expected to occur. In some cases, these disruptions could be life-threatening. Reports have shown that more than 2,100 patient deaths are linked to hospital data breaches each year. Unfortunately, doctors are often so preoccupied with remediation activities after a breach occurs that patients no longer receive quality care.
Secure exchange network
To prevent tragedies, human errors, and system failures from occurring in the event of an emergency, healthcare organizations must utilize a HIPAA compliant, secure, and trusted network. The ideal secure exchange network will leverage hybrid cloud technology and military-grade encryption to provide 100 percent secure communications at all times. Document and fax transmissions sent via a trusted network will never traverse an external telephone network and, therefore, will remain secure between the remote client site and the secure exchange network at all times.
In addition to a secure exchange network, having a complete disaster recovery solution in place is business-critical. A disaster recovery solution works to ensure that organizations never experience downtime while inbound and outbound fax communications remain secure and protected from technical failures due to catastrophic events and natural disasters.
In this series, we are featuring some of the thousands of vendors who will be participating in the HIMSS15 conference and trade show. Through it, we hope to offer readers a closer look at some of the solution providers who will either be in attendance – with a booth showcasing and displaying key products and offerings – or that will have a presence of some kind at the show – key executives in attendance or presenting, for example.
Even as HIMSS Media has said that its employees will be making more of an effort this year to cover the trade show floor and its vendors and events, hopefully this series will give you a bit more useful information about the companies that help make this event, and the industry as a whole, so exciting.
Founded in 2009, etherFAX offers a solution that extends existing fax server solutions to the cloud. By eliminating the need for costly network fax systems, such as fax boards and recurring telephony fees, etherFAX leverages the Internet to manage all business-critical fax communications for healthcare organizations.
etherFAX was established in 2009 and leverages talent with 30-plus years of experience designing and developing fax technology solutions. By eliminating the need for costly components such as fax boards, media gateways, and telephony infrastructure, etherFAX’s namesake technology, network and datacenter solutions leverage the Internet to manage business-critical fax communications.
As a hybrid fax solution, etherFAX eliminates the complexities and costs of provisioning SIP, T.38, PRI, T1, and other analog connections. By simply connecting on-premise fax server resources to etherFAX, all fax communications are securely delivered via the cloud. Say goodbye to expensive fax hardware, complex fault-tolerant designs, and costly disaster recovery solutions. etherFAX is the fax board in the cloud, capable of processing billions of faxes.
etherFAX serves the healthcare market by securely transmit electronic health records (EHRs), electronic medical records (EMRs), health information exchange data (HIEs) and unstructured patient data. etherFAX enables healthcare organizations and medical groups, insurance companies and billing operators to securely transport data and ensure compliance with government mandated regulations such as the Health Insurance Portability and Accountability Act (HIPAA).
Fully integrating with existing fax servers and applications such as EMR solutions and healthcare management systems, etherFAX leverages the Internet to manage all healthcare-critical fax communications without capacity constraints.
Services and Products Offered
HIMSS 15 Focus:
o etherFAX – Extending existing fax server solutions to the cloud, etherFAX eliminates the need for costly network fax systems, such as fax boards and recurring telephony fees. etherFAX leverages the Internet to manage all your business-critical fax communications.
o etherFAX SEN – Gives healthcare and enterprise organizations the capability to create their own private fax network to ensure secure data and document transmissions. Offering a simple and unique approach to document delivery, etherFAX SEN offers speed, performance and reliability without compromising security.
o etherFAX A2E – The etherFAX A2E device, manufactured by MultiTech, provides a plug-and-play device that enables organizations to extend their existing fax machines to the cloud.
etherFAX DR – Provides immediate failover for all business-critical fax communications, ensuring uptime when existing telephony equipment fails, such as fax boards, PRI lines, servers and applications.
etherFAX Toolkit – Integrating fax capabilities within applications has never been easier with the etherFAX API. The solution provides the capability to fax-enable custom developed applications in addition to enterprise resource planning (ERP), document management systems, etc.
etherFAX Colocation Services – etherFAX provides highly-secure, protected, and climate-controlled colocation services that are capable of supporting the most complex business-critical IT environments.